last sync: 2022-Nov-25 17:41:58 UTC

Azure Policy definition

Endpoint protection should be installed on your machines

Name Endpoint protection should be installed on your machines
Azure Portal
Id 1f7c564c-0a90-4d44-b7e1-9d456cffaee8
Version 1.0.0
details on versioning
Category Security Center
Microsoft docs
Description To protect your machines from threats and vulnerabilities, install a supported endpoint protection solution.
Mode All
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
RBAC
Role(s)
none
Rule
Aliases
THEN-ExistenceCondition (1)
Alias Namespace ResourceType DefaultPath Modifiable
Microsoft.Security/assessments/status.code Microsoft.Security assessments properties.status.code false
Rule
ResourceTypes
IF (1)
Microsoft.HybridCompute/machines
Compliance The following 7 compliance controls are associated with this Policy definition 'Endpoint protection should be installed on your machines' (1f7c564c-0a90-4d44-b7e1-9d456cffaee8)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
Azure_Security_Benchmark_v3.0 ES-2 Azure_Security_Benchmark_v3.0_ES-2 Azure Security Benchmark ES-2 Endpoint Security Use modern anti-malware software Shared **Security Principle:** Use anti-malware solutions capable of real-time protection and periodic scanning. **Azure Guidance:** Microsoft Defender for Cloud can automatically identify the use of a number of popular anti-malware solutions for your virtual machines and on-premises machines with Azure Arc configured, and report the endpoint protection running status and make recommendations. Microsoft Defender Antivirus is the default anti-malware solution for Windows server 2016 and above. For Windows server 2012 R2, use Microsoft Antimalware extension to enable SCEP (System Center Endpoint Protection), and Microsoft Defender for Cloud to discover and assess the health status. For Linux VMs, use Microsoft Defender for Endpoint on Linux. Note: You can also use Microsoft Defender for Cloud's Defender for Storage to detect malware uploaded to Azure Storage accounts. **Implementation and additional context:** Supported endpoint protection solutions: https://docs.microsoft.com/azure/security-center/security-center-services?tabs=features-windows#supported-endpoint-protection-solutions- How to configure Microsoft Antimalware for Cloud Services and virtual machines: https://docs.microsoft.com/azure/security/fundamentals/antimalware n/a link 5
NZ_ISM_v3.5 SS-3 NZ_ISM_v3.5_SS-3 NZISM Security Benchmark SS-3 Software security 14.1.9 Maintaining hardened SOEs Customer n/a Whilst a SOE can be sufficiently hardened when it is deployed, its security will progressively degrade over time. Agencies can address the degradation of the security of a SOE by ensuring that patches are continually applied, system users are not able to disable or bypass security functionality and antivirus and other security software is appropriately maintained with the latest signatures and updates. End Point Agents monitor traffic and apply security policies on applications, storage interfaces and data in real-time. Administrators actively block or monitor and log policy breaches. The End Point Agent can also create forensic monitoring to facilitate incident investigation. End Point Agents can monitor user activity, such as the cut, copy, paste, print, print screen operations and copying data to external drives and other devices. The Agent can then apply policies to limit such activity. link 17
RBI_CSF_Banks_v2016 13.1 RBI_CSF_Banks_v2016_13.1 Advanced Real-Timethreat Defenceand Management Advanced Real-Timethreat Defenceand Management-13.1 n/a Build a robust defence against the installation, spread, and execution of malicious code at multiple points in the enterprise. 27
RBI_CSF_Banks_v2016 13.2 RBI_CSF_Banks_v2016_13.2 Advanced Real-Timethreat Defenceand Management Advanced Real-Timethreat Defenceand Management-13.2 n/a Implement Anti-malware, Antivirus protection including behavioural detection systems for all categories of devices ???(Endpoints such as PCs/laptops/ mobile devices etc.), servers (operating systems, databases, applications, etc.), Web/Internet gateways, email-gateways, Wireless networks, SMS servers etc. including tools and processes for centralised management and monitoring. 22
RBI_CSF_Banks_v2016 15.1 RBI_CSF_Banks_v2016_15.1 Data Leak Prevention Strategy Data Leak Prevention Strategy-15.1 n/a Develop a comprehensive data loss/leakage prevention strategy to safeguard sensitive (including confidential)business and customer data/information. 8
RBI_CSF_Banks_v2016 15.3 RBI_CSF_Banks_v2016_15.3 Data Leak Prevention Strategy Data Leak Prevention Strategy-15.3 n/a Similar arrangements need to be ensured at the vendor managed facilities as well. 5
SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Logical and Physical Access Controls Prevent or detect against unauthorized or malicious software Shared The customer is responsible for implementing this recommendation. Restricts Application and Software Installation — The ability to install applications and software is restricted to authorized individuals. • Detects Unauthorized Changes to Software and Configuration Parameters — Processes are in place to detect changes to software and configuration parameters that may be indicative of unauthorized or malicious software. • Uses a Defined Change Control Process — A management-defined change control process is used for the implementation of software. • Uses Antivirus and Anti-Malware Software — Antivirus and anti-malware software is implemented and maintained to provide for the interception or detection and remediation of malware. • Scans Information Assets from Outside the Entity for Malware and Other Unauthorized Software — Procedures are in place to scan information assets that have been transferred or returned to the entity’s custody for malware and other unauthorized software and to remove any items detected prior to its implementation on the network. 54
History
Date/Time (UTC ymd) (i) Change type Change detail
2021-08-30 14:27:30 add 1f7c564c-0a90-4d44-b7e1-9d456cffaee8
Initiatives
usage
Initiative DisplayName Initiative Id Initiative Category State Type
[Preview]: Reserve Bank of India - IT Framework for Banks d0d5578d-cc08-2b22-31e3-f525374f235a Regulatory Compliance Preview BuiltIn
Azure Security Benchmark 1f3afdf9-d0c9-4c3d-847f-89da613e70a8 Security Center GA BuiltIn
New Zealand ISM Restricted v3.5 93d2179e-3068-c82f-2428-d614ae836a04 Regulatory Compliance GA BuiltIn
SOC 2 Type 2 4054785f-702b-4a98-9215-009cbd58b141 Regulatory Compliance GA BuiltIn
JSON